User authentication involves a user providing a current password to an authentication server. The authentication server then compares the current password to an expected password to determine whether the user is the legitimate user or a fraudster (i.e., a malicious person posing as the legitimate user).
A typical password may be a word or a statement such as “goyankees”. A more complicated password may have one or more characters of the word or statement substituted with a number or a metacharacter such as “g0y@nk3e$”.